<!-- ************************************************************************************************************ -->
<!-- fileName          : UpdateAdminPassword.jsp 																  -->
<!-- author            : 马文军 																					  --> 
<!-- createDate        : 2015/05/09 																			  -->
<!-- summary           : admin端  “修改密码” 后台逻辑 															  		  -->
<!-- modifiedBy        : 马文军																				      -->
<!-- ************************************************************************************************************ -->

<%@ page language="java" contentType="text/html; charset=utf-8" pageEncoding="utf-8"%>
<%@ page import="java.sql.*" %>
<%@ page import="java.util.*" %>
<%@ page import="java.text.*" %>
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<meta http-equiv="X-UA-Compatible" content="IE=edge" />
<title>UpdateAdminPassword</title>
<style type="text/css">

</style>

</head>
<body>
<%
	//设置请求的字符编码以支持中文
	request.setCharacterEncoding ("utf-8");

	//从请求页面获取表单参数
    String password = request.getParameter("password");
    String newpassword = request.getParameter("newpassword");
    System.out.println("更新管理员密码");

     
	//从web.xml文件获取全局参数
	String drv=config.getServletContext().getInitParameter("DBDriver");
	String url=config.getServletContext().getInitParameter("DBURL");
	String uid=config.getServletContext().getInitParameter("DBUser");
	String pwd=config.getServletContext().getInitParameter("DBPass");
	
    //构建SQL字符串和JDBC对象
    
	String strSQL1 = "SELECT * FROM immie0_immi.user u WHERE password=?";	//  user表有三个字段(id、username、password) 
	String strSQL2 = "update immie0_immi.user set password=? where id=1 ";
	Connection conn = null;
	PreparedStatement pstmt1 = null;	
	PreparedStatement pstmt2 = null;
	
	ResultSet rs1 = null;
	
	try {
		Class.forName(drv).newInstance(); //数据库驱动加载
		conn = DriverManager.getConnection(url,uid,pwd);//取得数据库连接
		pstmt1 = conn.prepareStatement(strSQL1);		//实例化数据库操作对象
		//设置SQL语句的参数	
		pstmt1.setString(1, password);	
		rs1 = pstmt1.executeQuery();  //执行查询

		if(rs1.next()) //原密码正确
		{
			pstmt2 = conn.prepareStatement(strSQL2);		//实例化数据库操作对象
			//设置SQL语句的参数	
			pstmt2.setString(1, newpassword);	
			pstmt2.executeUpdate();  
			response.sendRedirect("./admin_adminpassword.jsp?result=ok");
		}
		else
		{	response.sendRedirect("./admin_adminpassword.jsp?error=ok");	}
		
	} catch (ClassNotFoundException e) {
		e.printStackTrace();
	} catch (InstantiationException e) {
	    e.printStackTrace();
	} catch (IllegalAccessException e) {
		e.printStackTrace();
	} catch (SQLException e) {
		e.printStackTrace();
	} 
	finally {
		if (rs1 != null) {
			rs1.close();
			rs1 = null;
		}
		if (pstmt1 != null) {
			pstmt1.close();
			pstmt1 = null;
		}	
		if (pstmt2 != null) {
			pstmt2.close();
			pstmt2 = null;
		}
		if (conn != null) {
			conn.close();
			conn = null;
		}
	}
%>
</body>
</html>